Governance, Risk and Compliance (GRC) Information Systems (IS) as an integrated technology has been introduced recently to facilitate the demanding operational and financial environment of the enterprises. The implementation process and the adoption of such systems is considered as a significant parameter influencing the success of operational performance and financial governance and could support the competitive advantage practices within the organisations. However, GRC literature is limited regarding the analysis of the implementation and adoption success. Therefore, there is a need for further research and contribution about these systems and more specifically their implementation process. Consequently, this investigation and analysis can provide an insight of this process by examining the aspects of the implementation, the lifecycle phases followed and the enterprise value drivers in each of these phases. Therefore, a framework was developed for structuring the analysis of this implementation including all these three elements as these were provided by the theoretic background. The empirical context of this research includes three field investigation studies based on the experience of key implementation stakeholder groups as participants. These investigation studies were analysed using thematic techniques following an interpretative qualitative analysis approach. It was proved that organisations have, directly or indirectly, followed specific lifecycle phases when they implement GRC systems as these are also described in the framework. Also they should consider specific aspects about the GRC systems and enterprise value drivers for the different lifecycle phases but also for a holistic approach of the implementation process. Hence new GRC implementation projects can use the phases and the analysis of these elements to facilitate and ease their decision-making and strategic planning before launching the implementation project. The analysis of the GRC implementation proved that a strict GRC environment can be established in the organisations through the successful implementation of a GRC technology. The implementation process of such technologies would require a preparation for the organisational environment in order the implementation project to succeed the GRC goals and the system to be integrated and optimised harmoniously within the enterprise environment. This study provides insight of how this implementation projects could be planned and developed and gives a directive blueprint for preparing organisations hosting such technological initiatives. The results of all field investigation phases, which can be considered as the contributions to theory and practice of this research, can have twofold implications: initially the development of a theoretical framework based on enterprise systems theories, and also an analysis of the GRC implementation process in specific. The framework is designed to structure the analysis of the GRC implementation aspects, the lifecycle phases and the enterprise value drivers of the GRC implementation process. This framework is used for visualising and structuring a specific analysis of the GRC adoption and success, and therefore this analysis can be used by practitioners and researchers to further evaluate and analyse this process. Furthermore, organisations can use this analysis for decision-making processes; as this analysis can provide a primary view for the implementation projects.

Supervisor:

Papazafeiropoulou, A.

Sponsor:

Not available

Qualification Name:

Thesis (Ph.D.)

Qualification Level:

Doctoral

EThOS ID:

uk.bl.ethos.619501

DOI:

Not available

Keywords:

Governance, risk and compliance (GRC) ; IT integration ; Financial and audity IS ; IS adoption ; Business IS